[TlsInterception] [False Alarm] Unreliable for Python < 3.10 with untrusted self-signed CA certificates

[abhinavsingh]

Python < 3.10 runs into following exception for certificates generated with make ca-certificates

2022-01-14 12:17:45,676 - pid:13726 [E] server.wrap_client:848 - OSError when wrapping client for upstream: httpbin.org
Traceback (most recent call last):
  File "/Users/abhinavsingh/Dev/proxy.py/proxy/http/proxy/server.py", line 815, in wrap_client
    self.client.wrap(self.flags.ca_signing_key_file, generated_cert)
  File "/Users/abhinavsingh/Dev/proxy.py/proxy/core/connection/client.py", line 46, in wrap
    self._conn = ssl.wrap_socket(
  File "/Users/abhinavsingh/.pyenv/versions/3.10.0/lib/python3.10/ssl.py", line 1438, in wrap_socket
    context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:3883)

[abhinavsingh]

This is again a false alarm. This happens when CA certificates or python version has been changed, but previously generated certificates haven't been deleted. This results in mis-match error.

[abhinavsingh]

To remove any future regressions or doubts, we have now added integration tests for TLS Interception in https://github.com/abhinavsingh/proxy.py/actions/runs/1696686488